Lynx and RTI: The Art of Driving Down Mission-Critical System Costs

Part 13 of the RTI Military Avionics Blog Series

A guest blog by Ian Ferguson, VP Marketing and Strategic Alliances, Lynx Software Technologies

Lynx Software Technologies and RTI have successfully worked together for over two decades, with a wide range of industry design wins and use cases.  As we reflect back over those years, we have found three challenges our joint customers face that Lynx and RTI address, which when combined deliver immense benefits to the creators of connected mission-critical systems.

These three challenges are:

1. Customers need to drive down systems costs to be competitive

2. Customers need to open up their systems to a wide spectrum of solutions, and break apart vendor lock-in

3. Customers need to develop strategies that will rapidly enable reuse of both hardware and software solutions – the days of single-use software and hardware platforms are gone

Driving Down System Costs

Across industries, we are increasingly seeing systems being constructed out of multiple connected subsystems. These subsystems are either inside a specific vehicle like an armored vehicle or a plane, or, are a set of discrete connected, distributed platforms that are securely sharing information in real time, keeping with the vision of the Connected Battlefield.

The cost and weight advantages offered by Ethernet makes this a tantalizing path for internal connectivity. The challenge this presents is the lack of real-time determinism. This has led to the deployment of separate physical networks and bus protocols, such as ARINC 429 and MIL-STD-1553. Our customer base continues to demand a path to create real-time, distributed systems on cost-effective Ethernet-based networks to improve size, weight and power (SWaP), and most importantly, reduce complexity. Realizing this goal requires:

• Discrete subsystems that are physically separate or in virtual machines isolated via hardware-assisted virtualization. This distributed environment simplifies the path to both safety and security certification and raises the immunity of these systems to cybersecurity attack
• A standards-based technology that provides determinism across network interfaces 

Removing Vendor Lock-in

At the same time, global armed services are looking at strategies and techniques to open up systems and reduce vendor lock. These programs are often deployed for decades, so these architectures need to not only be resistant to changes in supply chain, but also capable of advancing functionality to keep systems globally competitive against all adversaries and ensuring functional safety and cybersecurity capabilities. Virtually every presentation from the U.S. armed services is driving a Modular Open Systems Approach (MOSA), and includes acronyms such as FACE^TM (Future Airborne Capability Environment), SOSA^TM (Sensor Open System Architecture) and other open capability standards.  As the old line goes, “the great thing about standards is that there are so many of them!”

In all seriousness, it is vital for the ecosystem of partners that are supporting the efforts of the military and aerospace industries to collaborate, so that our customers can reduce time-to-market, costs and program risk for the next generation of best-in-class platforms. This means aligning behind and investing in solutions that conform to the important standards. Both RTI and Lynx have been strong advocates of open standards such as POSIX and Data Distribution Service (DDS^TM) for decades, and are active participants in these standards, along with other standards such as FACE and SOSA. Thanks to the expert guidance of our FACE Verification Authority (VA), LDRA, Lynx has just completed the conformance certification of our real-time operating system, LynxOS-178 to the FACE Technical Standard, Edition 3.1 for the FACE Operating System Segment (OSS) General Purpose Profile for PowerPC, Arm and Intel processor architectures. The blog for this accomplishment is here.

This dovetails well with the recent announcement by RTI on the FACE 3.1 conformance certification of RTI Connext^Ⓡ TSS, along with RTCA DO-178C DAL A certification evidence for both Connext^Ⓡ Cert and Connext TSS.  Now, RTI and Lynx have both FACE conformance and DO-178C DAL A certification evidence available for their leading avionics solutions. This combination significantly drives down program risk for any customer building an avionics platform with FACE and DO-178C requirements.

Reuse of Proven System (Hardware and Software) Components 

One catalyst for this blog post was reading words from David Tremper’s keynote at the MOSA Virtual Summit, nicely written up by John McHale here. The presentation discussed the need for quantified metrics to validate the benefits of MOSA platforms and architectures. 

Nearly all the sought-after benefits of open system initiatives in the defense community – including the U.S. Army MOSA Transformation Office, U.S. Air Force OMS and the UK MoD Pyramid – hinge on engineers’ ability to effectively reuse system components across different software platforms and/or product lines. Progress has been made at the line replaceable unit (LRU) hardware level, but for software there are some weaknesses in modular standards that prohibit customers from achieving those compelling benefits.

Ideally, we want to enable system integrators to insert a software component into a system as easily as inserting a VPX card into a chassis. The current reality is that porting software across OS platforms is more akin to performing heart transplant surgery than it is to replacing a line card! 

That is because standards lack descriptions of expected behavior and side effects that can inform real-time and hazard analysis. They do not account for the system information that's needed to build, integrate and configure a comprehensive system to behave correctly. They also do not cover software components that reside in the operating system itself, such as drivers and health monitors. 

LYNX MOSA.ic ™ is the next-generation operating system environment designed specifically to overcome the obstacles of software reuse based on three key technologies – Hardware Virtualization, Standard Binary Interconnects and Unikernel architecture. At the core of LYNX MOSA.ic is a partitioning system that uses hardware virtualization to robustly separate safety and security domains. All mission system software running on LYNX MOSA.ic is confined within virtual machines that use standard VirtIO interconnects to compose complete systems. The use of VirtIO sets a new milestone in progressing software reusability in mission system integration where software components can be isolated and connected at the binary level – meaning previously compiled software can be inserted into LYNX MOSA.ic without recompiling the software. Unikernels are complete runtime environments that allow applications to locally resolve standard data service dependencies, e.g., the FACE TSS and OSS, in its local address space.  Typically, applications are deployed as incomplete modules where a large portion of the work demanded by applications is executing in a complex central space within the operating system, which creates separability, execution predictability and security concerns. 

The Unikernel architecture enables the construction of complete software modules and simpler execution timing of software functions. Unikernels can also be linked together to construct complete stacks out of separable segments. The figure below depicts a FACE software stack composed of replaceable software segment modules, wherein each module author is free to use their programming language and toolchains of choice, and a system integrator will connect the stack segments through standard binary interfaces.

Conclusion
After a lot of “discussion” about standards, market forces are turning these conversations into reality. As an industry, the principal motivation is time. Aligning to standards is simply the only way that technologies from the U.S. and its Allies can maintain their dominance over their rivals. The repercussions of keeping closed fiefdoms are being eradicated. With the carrot of end customers mandating these types of open platforms, companies in the supply chain are rallying to accelerate the delivery of valuable innovation around those standards. We need to do, and are indeed doing, more to drive down system costs, break apart vendor lock and truly deliver on the promise of hardware and software reuse.

To read other installments in the RTI Military Avionics Blog Series, please click here.

About the author

Ian Ferguson is the VP of Marketing and Strategic Alliances at Lynx Software Technologies. As such, he is responsible for all aspects of the outward-facing presence of Lynx Software Technologies to its customer, partner, press and analyst communities. Ian is also responsible for nurturing our partnership program to accelerate our engagement in mission-critical systems.